sendmail: Added certificate authentication support into sendmail::client::msa.
parent
f7f0f2fb36
commit
f500ae452d
2 changed files with 70 additions and 0 deletions
|
@ -141,8 +141,72 @@ class sendmail::client inherits sendmail::common {
|
||||||
|
|
||||||
# Configure Sendmail submission using port 587.
|
# Configure Sendmail submission using port 587.
|
||||||
#
|
#
|
||||||
|
# === Global variables:
|
||||||
|
#
|
||||||
|
# $mail_server:
|
||||||
|
# Hostname of mail server.
|
||||||
|
#
|
||||||
|
# $sendmail_ssl_key:
|
||||||
|
# Path to SSL key file used for authentication. If not set no
|
||||||
|
# certificate authentication will be performed.
|
||||||
|
#
|
||||||
|
# $sendmail_ssl_cert:
|
||||||
|
# Path to SSL certificate file used for authentication. If not set no
|
||||||
|
# certificate authentication will be performed.
|
||||||
|
#
|
||||||
class sendmail::client::msa inherits sendmail::client {
|
class sendmail::client::msa inherits sendmail::client {
|
||||||
|
|
||||||
|
if $sendmail_ssl_key and $sendmail_ssl_cert {
|
||||||
|
|
||||||
|
include ssl
|
||||||
|
|
||||||
|
$ssl_key = basename($sendmail_ssl_key)
|
||||||
|
$ssl_cert = basename($sendmail_ssl_cert)
|
||||||
|
file { "${ssl::private}/${ssl_key}":
|
||||||
|
ensure => present,
|
||||||
|
mode => "0640",
|
||||||
|
owner => "root",
|
||||||
|
group => "smmsp",
|
||||||
|
source => $sendmail_ssl_key,
|
||||||
|
notify => Service["sendmail"],
|
||||||
|
}
|
||||||
|
file { "${ssl::certs}/${ssl_cert}":
|
||||||
|
ensure => present,
|
||||||
|
mode => "0644",
|
||||||
|
owner => "root",
|
||||||
|
group => "root",
|
||||||
|
source => $sendmail_ssl_cert,
|
||||||
|
notify => Service["sendmail"],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "/etc/mail/authinfo":
|
||||||
|
ensure => present,
|
||||||
|
content => "AuthInfo:${mail_server} \"U: \" \"P: \" \"M:EXTERNAL\"\n",
|
||||||
|
mode => "0640",
|
||||||
|
owner => "root",
|
||||||
|
group => $::operatingsystem ? {
|
||||||
|
"openbsd" => "wheel",
|
||||||
|
default => "root",
|
||||||
|
},
|
||||||
|
notify => Exec["make authinfo.db"],
|
||||||
|
}
|
||||||
|
exec { "make authinfo.db":
|
||||||
|
path => "/bin:/usr/bin:/sbin:/usr/sbin",
|
||||||
|
command => "makemap hash /etc/mail/authinfo < /etc/mail/authinfo",
|
||||||
|
refreshonly => true,
|
||||||
|
notify => Service["sendmail"],
|
||||||
|
}
|
||||||
|
file { "/etc/mail/authinfo.db":
|
||||||
|
ensure => present,
|
||||||
|
mode => "0640",
|
||||||
|
owner => "root",
|
||||||
|
group => "smmsp",
|
||||||
|
require => Exec["make authinfo.db"],
|
||||||
|
before => Service["sendmail"],
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
File["/etc/mail/submit.mc"] {
|
File["/etc/mail/submit.mc"] {
|
||||||
content => template("sendmail/submit.mc.erb", "sendmail/submit.mc.msa.erb"),
|
content => template("sendmail/submit.mc.erb", "sendmail/submit.mc.msa.erb"),
|
||||||
}
|
}
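Review bot: The guard `if $sendmail_ssl_key and $sendmail_ssl_cert` skips the whole block silently when only one of the two variables is set, so a half-configured host keeps submitting mail without client-certificate authentication and the catalog run gives no hint of it. An `elsif $sendmail_ssl_key or $sendmail_ssl_cert { fail("sendmail_ssl_key and sendmail_ssl_cert must be set together") }` branch would make that misconfiguration visible. Separately, `file { "/etc/mail/authinfo.db": ensure => present, ... }` will create an empty file if the database ever goes missing while `/etc/mail/authinfo` is unchanged, because the `refreshonly` exec does not run in that case; an empty file is presumably not a usable hash map, so it is worth checking how sendmail reacts. The header comment for `$sendmail_ssl_key` could also state that the key is installed as `0640 root:smmsp`, i.e. readable by every member of the smmsp group. The body of `sendmail::client::msa` closes outside this hunk.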
|
||||||
|
|
|
@ -1 +1,7 @@
|
||||||
|
<% if @ssl_key and @ssl_cert -%>
|
||||||
|
define(`confCLIENT_CERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_cert %>')
|
||||||
|
define(`confCLIENT_KEY', `<%= scope.lookupvar('ssl::private') %>/<%= @ssl_key %>')
|
||||||
|
define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
|
||||||
|
FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/authinfo')dnl
|
||||||
|
<% end -%>
|
||||||
FEATURE(`msp', `[<%= @mail_server %>]', `MSA')dnl
|
FEATURE(`msp', `[<%= @mail_server %>]', `MSA')dnl
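Review bot: The line ``define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')`` relaxes one of sendmail's file-safety checks without a comment saying why. It appears to be needed only because the manifest installs the client key as `0640 root:smmsp`. I would add a `dnl` line above it such as `dnl GroupReadableKeyFile: client key is installed 0640 root:smmsp by sendmail::client::msa; keep both in sync.` so that a later change to the key's group or mode is reviewed together with this setting. `@ssl_cert`, `@ssl_key` and `@mail_server` are also placed inside m4 quotes unescaped, so a value containing a quote character would break the generated `submit.mc`. The values are administrator-supplied, but rejecting such characters in the manifest would make the failure explicit.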
|
||||||
|
|